43 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) 50 #define foreach_vpe_api_msg \ 51 _(IPSEC_SPD_ADD_DEL, ipsec_spd_add_del) \ 52 _(IPSEC_INTERFACE_ADD_DEL_SPD, ipsec_interface_add_del_spd) \ 53 _(IPSEC_SPD_ADD_DEL_ENTRY, ipsec_spd_add_del_entry) \ 54 _(IPSEC_SAD_ADD_DEL_ENTRY, ipsec_sad_add_del_entry) \ 55 _(IPSEC_SA_SET_KEY, ipsec_sa_set_key) \ 56 _(IPSEC_SA_DUMP, ipsec_sa_dump) \ 57 _(IPSEC_SPDS_DUMP, ipsec_spds_dump) \ 58 _(IPSEC_SPD_DUMP, ipsec_spd_dump) \ 59 _(IPSEC_SPD_INTERFACE_DUMP, ipsec_spd_interface_dump) \ 60 _(IPSEC_TUNNEL_IF_ADD_DEL, ipsec_tunnel_if_add_del) \ 61 _(IPSEC_TUNNEL_IF_SET_KEY, ipsec_tunnel_if_set_key) \ 62 _(IPSEC_TUNNEL_IF_SET_SA, ipsec_tunnel_if_set_sa) \ 63 _(IKEV2_PROFILE_ADD_DEL, ikev2_profile_add_del) \ 64 _(IKEV2_PROFILE_SET_AUTH, ikev2_profile_set_auth) \ 65 _(IKEV2_PROFILE_SET_ID, ikev2_profile_set_id) \ 66 _(IKEV2_PROFILE_SET_TS, ikev2_profile_set_ts) \ 67 _(IKEV2_SET_LOCAL_KEY, ikev2_set_local_key) \ 68 _(IKEV2_SET_RESPONDER, ikev2_set_responder) \ 69 _(IKEV2_SET_IKE_TRANSFORMS, ikev2_set_ike_transforms) \ 70 _(IKEV2_SET_ESP_TRANSFORMS, ikev2_set_esp_transforms) \ 71 _(IKEV2_SET_SA_LIFETIME, ikev2_set_sa_lifetime) \ 72 _(IKEV2_INITIATE_SA_INIT, ikev2_initiate_sa_init) \ 73 _(IKEV2_INITIATE_DEL_IKE_SA, ikev2_initiate_del_ike_sa) \ 74 _(IKEV2_INITIATE_DEL_CHILD_SA, ikev2_initiate_del_child_sa) \ 75 _(IKEV2_INITIATE_REKEY_CHILD_SA, ikev2_initiate_rekey_child_sa) 85 vl_api_ipsec_spd_add_del_reply_t *rmp;
98 vl_api_ipsec_interface_add_del_spd_reply_t *rmp;
101 u32 spd_id __attribute__ ((unused));
104 spd_id = ntohl (mp->
spd_id);
111 rv = VNET_API_ERROR_UNIMPLEMENTED;
116 REPLY_MACRO (VL_API_IPSEC_INTERFACE_ADD_DEL_SPD_REPLY);
123 vl_api_ipsec_spd_add_del_entry_reply_t *rmp;
129 memset (&p, 0,
sizeof (p));
156 if (mp->
policy == IPSEC_POLICY_ACTION_RESOLVE)
159 rv = VNET_API_ERROR_UNIMPLEMENTED;
175 rv = VNET_API_ERROR_UNIMPLEMENTED;
180 REPLY_MACRO (VL_API_IPSEC_SPD_ADD_DEL_ENTRY_REPLY);
187 vl_api_ipsec_sad_add_del_entry_reply_t *rmp;
193 memset (&sa, 0,
sizeof (sa));
203 rv = VNET_API_ERROR_UNIMPLEMENTED;
214 rv = VNET_API_ERROR_UNIMPLEMENTED;
242 rv = VNET_API_ERROR_UNIMPLEMENTED;
248 rv = VNET_API_ERROR_UNIMPLEMENTED;
253 REPLY_MACRO (VL_API_IPSEC_SAD_ADD_DEL_ENTRY_REPLY);
263 memset (mp, 0,
sizeof (*mp));
264 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
286 send_ipsec_spds_details (spd, reg, mp->context);
301 memset (mp, 0,
sizeof (*mp));
302 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
360 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == policy->sa_id)
361 send_ipsec_spd_details (policy, reg,
377 memset (mp, 0,
sizeof (*mp));
378 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_INTERFACE_DETAILS);
406 send_ipsec_spd_interface_details(reg, v, k, mp->context);
414 send_ipsec_spd_interface_details(reg, v, k, mp->context);
428 vl_api_ipsec_sa_set_key_reply_t *rmp;
440 rv = VNET_API_ERROR_UNIMPLEMENTED;
489 rv = VNET_API_ERROR_UNIMPLEMENTED;
506 memset (mp, 0,
sizeof (*mp));
507 mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
513 mp->
spi = htonl (sa->
spi);
544 mp->
salt = clib_host_to_net_u32 (sa->
salt);
569 u32 *sa_index_to_tun_if_index = 0;
582 vnet_hw_interface_t *hi;
583 u32 sw_if_index = ~0;
585 hi = vnet_get_hw_interface (vnm, t->hw_if_index);
586 sw_if_index = hi->sw_if_index;
587 sa_index_to_tun_if_index[t->input_sa_index] = sw_if_index;
588 sa_index_to_tun_if_index[t->output_sa_index] = sw_if_index;
593 if (mp->sa_id == ~(0) || ntohl (mp->sa_id) == sa->id)
594 send_ipsec_sa_details (sa, reg, mp->context,
595 sa_index_to_tun_if_index[sa - im->sad]);
599 vec_free (sa_index_to_tun_if_index);
610 vl_api_ipsec_tunnel_if_set_key_reply_t *rmp;
624 if (mp->
alg < IPSEC_CRYPTO_ALG_AES_CBC_128 ||
627 rv = VNET_API_ERROR_UNIMPLEMENTED;
635 rv = VNET_API_ERROR_UNIMPLEMENTED;
641 rv = VNET_API_ERROR_UNIMPLEMENTED;
657 REPLY_MACRO (VL_API_IPSEC_TUNNEL_IF_SET_KEY_REPLY);
664 vl_api_ipsec_tunnel_if_set_sa_reply_t *rmp;
686 vl_api_ikev2_profile_add_del_reply_t *rmp;
696 rv = VNET_API_ERROR_UNSPECIFIED;
698 rv = VNET_API_ERROR_UNIMPLEMENTED;
708 vl_api_ikev2_profile_set_auth_reply_t *rmp;
721 rv = VNET_API_ERROR_UNSPECIFIED;
723 rv = VNET_API_ERROR_UNIMPLEMENTED;
732 vl_api_ikev2_profile_add_del_reply_t *rmp;
745 rv = VNET_API_ERROR_UNSPECIFIED;
747 rv = VNET_API_ERROR_UNIMPLEMENTED;
756 vl_api_ikev2_profile_set_ts_reply_t *rmp;
768 rv = VNET_API_ERROR_UNSPECIFIED;
770 rv = VNET_API_ERROR_UNIMPLEMENTED;
779 vl_api_ikev2_profile_set_ts_reply_t *rmp;
788 rv = VNET_API_ERROR_UNSPECIFIED;
790 rv = VNET_API_ERROR_UNIMPLEMENTED;
799 vl_api_ikev2_set_responder_reply_t *rmp;
813 rv = VNET_API_ERROR_UNSPECIFIED;
815 rv = VNET_API_ERROR_UNIMPLEMENTED;
825 vl_api_ikev2_set_ike_transforms_reply_t *rmp;
839 rv = VNET_API_ERROR_UNSPECIFIED;
841 rv = VNET_API_ERROR_UNIMPLEMENTED;
844 REPLY_MACRO (VL_API_IKEV2_SET_IKE_TRANSFORMS_REPLY);
851 vl_api_ikev2_set_esp_transforms_reply_t *rmp;
865 rv = VNET_API_ERROR_UNSPECIFIED;
867 rv = VNET_API_ERROR_UNIMPLEMENTED;
870 REPLY_MACRO (VL_API_IKEV2_SET_ESP_TRANSFORMS_REPLY);
876 vl_api_ikev2_set_sa_lifetime_reply_t *rmp;
890 rv = VNET_API_ERROR_UNSPECIFIED;
892 rv = VNET_API_ERROR_UNIMPLEMENTED;
901 vl_api_ikev2_initiate_sa_init_reply_t *rmp;
913 rv = VNET_API_ERROR_UNSPECIFIED;
915 rv = VNET_API_ERROR_UNIMPLEMENTED;
925 vl_api_ikev2_initiate_del_ike_sa_reply_t *rmp;
934 rv = VNET_API_ERROR_UNSPECIFIED;
936 rv = VNET_API_ERROR_UNIMPLEMENTED;
939 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_IKE_SA_REPLY);
946 vl_api_ikev2_initiate_del_child_sa_reply_t *rmp;
955 rv = VNET_API_ERROR_UNSPECIFIED;
957 rv = VNET_API_ERROR_UNIMPLEMENTED;
960 REPLY_MACRO (VL_API_IKEV2_INITIATE_DEL_CHILD_SA_REPLY);
967 vl_api_ikev2_initiate_rekey_child_sa_reply_t *rmp;
976 rv = VNET_API_ERROR_UNSPECIFIED;
978 rv = VNET_API_ERROR_UNIMPLEMENTED;
981 REPLY_MACRO (VL_API_IKEV2_INITIATE_REKEY_CHILD_SA_REPLY);
991 #define vl_msg_name_crc_list 993 #undef vl_msg_name_crc_list 998 #define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id); 999 foreach_vl_msg_name_crc_ipsec;
1009 vl_msg_api_set_handlers(VL_API_##N, #n, \ 1010 vl_api_##n##_t_handler, \ 1012 vl_api_##n##_t_endian, \ 1013 vl_api_##n##_t_print, \ 1014 sizeof(vl_api_##n##_t), 1);
int ipsec_set_interface_key(vnet_main_t *vnm, u32 hw_if_index, ipsec_if_set_key_type_t type, u8 alg, u8 *key)
static void vl_api_ikev2_profile_set_auth_t_handler(vl_api_ikev2_profile_set_auth_t *mp)
static void vl_api_ipsec_sa_set_key_t_handler(vl_api_ipsec_sa_set_key_t *mp)
static void vl_api_ikev2_set_local_key_t_handler(vl_api_ikev2_set_local_key_t *mp)
int ipsec_set_interface_sa(vnet_main_t *vnm, u32 hw_if_index, u32 sa_id, u8 is_outbound)
u8 use_extended_sequence_number
clib_error_t * ikev2_set_profile_responder(vlib_main_t *vm, u8 *name, u32 sw_if_index, ip4_address_t ip4)
ipsec_tunnel_if_t * tunnel_interfaces
int ipsec_add_del_policy(vlib_main_t *vm, ipsec_policy_t *policy, int is_add)
ip46_address_t tunnel_src_addr
IKEv2: Set Child SA lifetime, limited by time and/or data.
IPsec: SPD interface response.
clib_error_t * ikev2_add_del_profile(vlib_main_t *vm, u8 *name, int is_add)
static void vl_api_ikev2_initiate_rekey_child_sa_t_handler(vl_api_ikev2_initiate_rekey_child_sa_t *mp)
static void vl_api_ipsec_tunnel_if_set_key_t_handler(vl_api_ipsec_tunnel_if_set_key_t *mp)
u8 tunnel_dst_address[16]
IKEv2: Add/delete profile.
VLIB_API_INIT_FUNCTION(ipsec_api_hookup)
IPsec: Update Security Association keys.
int ipsec_set_interface_spd(vlib_main_t *vm, u32 sw_if_index, u32 spd_id, int is_add)
clib_error_t * ikev2_initiate_delete_ike_sa(vlib_main_t *vm, u64 ispi)
#define REPLY_MACRO2(t, body)
static void vl_api_send_msg(vl_api_registration_t *rp, u8 *elem)
ipsec_integ_alg_t integ_alg
IPsec: Add/delete Security Policy Database entry.
u8 remote_crypto_key[128]
static void setup_message_id_table(api_main_t *am)
static void vl_api_ipsec_sa_dump_t_handler(vl_api_ipsec_sa_dump_t *mp)
static vnet_sw_interface_t * vnet_get_sw_interface(vnet_main_t *vnm, u32 sw_if_index)
static void vl_api_ipsec_spd_add_del_entry_t_handler(vl_api_ipsec_spd_add_del_entry_t *mp)
clib_error_t * ikev2_set_profile_sa_lifetime(vlib_main_t *vm, u8 *name, u64 lifetime, u32 jitter, u32 handover, u64 maxdata)
void * vl_msg_api_alloc(int nbytes)
#define foreach_vpe_api_msg
#define pool_len(p)
Number of elements in pool vector.
int ipsec_add_del_spd(vlib_main_t *vm, u32 spd_id, int is_add)
uword * spd_index_by_sw_if_index
static void vl_api_ipsec_interface_add_del_spd_t_handler(vl_api_ipsec_interface_add_del_spd_t *mp)
u8 local_address_start[16]
memset(h->entries, 0, sizeof(h->entries[0])*entries)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
clib_error_t * ikev2_initiate_sa_init(vlib_main_t *vm, u8 *name)
#define vec_new(T, N)
Create new vector of given type and length (unspecified alignment, no header).
clib_error_t * ikev2_set_profile_auth(vlib_main_t *vm, u8 *name, u8 auth_method, u8 *auth_data, u8 data_hex_format)
static void vl_api_ipsec_tunnel_if_add_del_t_handler(vl_api_ipsec_tunnel_if_add_del_t *mp)
static void vl_api_ikev2_set_responder_t_handler(vl_api_ikev2_set_responder_t *mp)
Set key on IPsec interface.
#define hash_foreach(key_var, value_var, h, body)
static void vl_api_ipsec_spd_dump_t_handler(vl_api_ipsec_spd_dump_t *mp)
static void vl_api_ipsec_spd_interface_dump_t_handler(vl_api_ipsec_spd_interface_dump_t *mp)
static void vl_api_ikev2_profile_set_ts_t_handler(vl_api_ikev2_profile_set_ts_t *mp)
ipsec_main_callbacks_t cb
IKEv2: Initiate the delete Child SA exchange.
clib_error_t * ikev2_set_profile_esp_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
IKEv2: Set IKEv2 profile local/remote identification.
IKEv2: Set IKEv2 profile traffic selector parameters.
static void vl_api_ikev2_initiate_del_child_sa_t_handler(vl_api_ikev2_initiate_del_child_sa_t *mp)
u8 * format_ipsec_crypto_alg(u8 *s, va_list *args)
ipsec_policy_t * policies
static void vl_api_ipsec_spd_add_del_t_handler(vl_api_ipsec_spd_add_del_t *mp)
u8 local_address_stop[16]
clib_error_t * ikev2_set_profile_id(vlib_main_t *vm, u8 *name, u8 id_type, u8 *data, int is_local)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
u8 remote_crypto_key[128]
counter_t packets
packet counter
Dump IPsec all SPD IDs response.
Add/delete IPsec tunnel interface response.
IKEv2: Initiate the rekey Child SA exchange.
clib_error_t *(* check_support_cb)(ipsec_sa_t *sa)
IPsec: Add/delete Security Policy Database.
clib_error_t * ikev2_initiate_delete_child_sa(vlib_main_t *vm, u32 ispi)
static void vl_api_ikev2_initiate_sa_init_t_handler(vl_api_ikev2_initiate_sa_init_t *mp)
static void vl_api_ikev2_set_sa_lifetime_t_handler(vl_api_ikev2_set_sa_lifetime_t *mp)
ip46_address_range_t laddr
static void send_ipsec_sa_details(ipsec_sa_t *sa, vl_api_registration_t *reg, u32 context, u32 sw_if_index)
static void vl_api_ikev2_set_ike_transforms_t_handler(vl_api_ikev2_set_ike_transforms_t *mp)
uword * spd_index_by_spd_id
clib_error_t * ikev2_set_local_key(vlib_main_t *vm, u8 *file)
clib_error_t * ikev2_set_profile_ts(vlib_main_t *vm, u8 *name, u8 protocol_id, u16 start_port, u16 end_port, ip4_address_t start_addr, ip4_address_t end_addr, int is_local)
static void vl_api_ipsec_tunnel_if_set_sa_t_handler(vl_api_ipsec_tunnel_if_set_sa_t *mp)
API main structure, used by both vpp and binary API clients.
ip46_address_t tunnel_dst_addr
An API client registration, only in vpp/vlib.
#define BAD_SW_IF_INDEX_LABEL
IPsec: Add/delete SPD from interface.
clib_error_t * ikev2_initiate_rekey_child_sa(vlib_main_t *vm, u32 ispi)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_set_esp_transforms_t_handler(vl_api_ikev2_set_esp_transforms_t *mp)
u8 remote_address_stop[16]
int ipsec_add_del_sa(vlib_main_t *vm, ipsec_sa_t *new_sa, int is_add)
#define vec_free(V)
Free vector's memory (no header).
IPsec: Add/delete Security Association Database entry.
#define clib_warning(format, args...)
#define clib_memcpy(a, b, c)
u8 remote_address_start[16]
int ipsec_set_sa_key(vlib_main_t *vm, ipsec_sa_t *sa_update)
u8 tunnel_src_address[16]
Set new SA on IPsec interface.
IKEv2: Initiate the SA_INIT exchange.
static vl_api_registration_t * vl_api_client_index_to_registration(u32 index)
static void vl_api_ipsec_sad_add_del_entry_t_handler(vl_api_ipsec_sad_add_del_entry_t *mp)
static void vl_api_ipsec_spds_dump_t_handler(vl_api_ipsec_spds_dump_t *mp)
static void send_ipsec_spd_interface_details(vl_api_registration_t *reg, u32 spd_index, u32 sw_if_index, u32 context)
ip46_address_range_t raddr
static void send_ipsec_spd_details(ipsec_policy_t *p, vl_api_registration_t *reg, u32 context)
Dump IPsec security association.
IKEv2: Set IKEv2 responder interface and IP address.
ipsec_integ_alg_t integ_alg
IKEv2: Initiate the delete IKE SA exchange.
IKEv2: Set IKEv2 profile authentication method.
Dump ipsec policy database data.
ipsec_protocol_t protocol
static void send_ipsec_spds_details(ipsec_spd_t *spd, vl_api_registration_t *reg, u32 context)
static vlib_main_t * vlib_get_main(void)
IPsec policy database response.
u8 * format_ipsec_integ_alg(u8 *s, va_list *args)
IPsec: Get SPD interfaces.
counter_t bytes
byte counter
static void vl_api_ikev2_profile_set_id_t_handler(vl_api_ikev2_profile_set_id_t *mp)
int ipsec_add_del_tunnel_if_internal(vnet_main_t *vnm, ipsec_add_del_tunnel_args_t *args, u32 *sw_if_index)
IKEv2: Set IKEv2 local RSA private key.
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * ikev2_set_profile_ike_transforms(vlib_main_t *vm, u8 *name, ikev2_transform_encr_type_t crypto_alg, ikev2_transform_integ_type_t integ_alg, ikev2_transform_dh_type_t dh_type, u32 crypto_key_size)
static void vl_api_ikev2_profile_add_del_t_handler(vl_api_ikev2_profile_add_del_t *mp)
ipsec_crypto_alg_t crypto_alg
static void vl_api_ikev2_initiate_del_ike_sa_t_handler(vl_api_ikev2_initiate_del_ike_sa_t *mp)
static clib_error_t * ipsec_api_hookup(vlib_main_t *vm)
IPsec security association database response.
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header, unspecified alignment)
Add or delete IPsec tunnel interface.
#define VALIDATE_SW_IF_INDEX(mp)
static uword pool_elts(void *v)
Number of active elements in a pool.
1.8.11 
